April saw record-low crypto losses from hacks and scams, according to an April 30 report from blockchain security platform Certik seen by Cointelegraph. Only $25.7 million was lost in attacks over the course of the month, the lowest amount since CertiK started keeping track of this data in 2021.
According to the report, losses from hacks, exploits and scams were down 141% over the previous month. The decline is mostly due to the lack of private key compromises. In March, there were 11 attacks against protocols via private key compromises, whereas in April, there were only three.
Despite this good news for crypto users, some notable hacks and scams during the month caused losses of several hundreds of thousands or even millions of dollars. Memecoin Condom “advertised a presale address on the Solana network,” which was used to drain funds from unsuspecting users. A total of approximately $933,000 of crypto was lost in that attack.
Bitcoin Lightning Network exchange FixedFloat also suffered a major hack on April 1, losing approximately $3 million in the process. This was the second time in 2024 that FixedFloat was attacked. The previous incident took place in February.
Out of the $25.7 million in total losses reported for the month, a significant portion — $21 million — was attributed to exploits, with only three of these breaches each resulting in over $1 million in damages. Flash loan attacks accounted for $129,000 in losses, with the largest single incident causing $55,000 in damages. According to CertiK, this marked the lowest incidence of flash loan attacks since February 2022. Additionally, there were 13 exit scams during the month, reflecting a 40% decrease from March.
CertiK stated that these figures did not include ZKasino, a project that prevented investors from withdrawing funds they had deposited. Although the report considers the project to be in the middle of a “controversy,” it has not yet labeled it a scam. The security platform claimed that it would update its figures if ZKasino is confirmed to be acting nefariously. ZKasino moved funds to the Lido protocol on April 22, angering many of its users.
Just after CertiK’s report was issued, the decentralized finance app Yield Protocol was exploited for $181,000. Yield had been officially closed down by its developer. However, because of the immutable nature of smart contracts, some users can still interact with them.
Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks